The proliferation of smartphones, tablets, and other mobile devices — here come the “wearables” — has opened up new opportunities for businesses to leverage employee-owned technology for competitive advantage. That being said, the use of such devices in the workplace can compromise sensitive data, especially when comprehensive BYOD policies are not implemented and enforced.
Surprisingly, while corporate BYOD adoption is gaining acceptance, a recent survey by Cisco/BT revealed that only 36% of companies actually have a BYOD policy in place. Perhaps that low number could be attributed to the fact that 82 percent of businesses with BYOD policies in place reported in the survey that they have already had to deal with security risks caused by the use of personal devices in the workplace.
As the BYOD movement continues to gain momentum, many companies will have no choice but to adopt BYOD policies, but failure to properly enforce them will continue to put sensitive data in danger of cyber attacks. To help your business better prepare for BYOD, here is a look at 5 ways poorly enforced policies can create cyber security risks.
1. Failure to recognize that BYOD is already happening
Tech savvy employees are already using their personal devices for work. The problem is that their bosses don’t know it. According to the Cisco survey, 90 percent of U.S. employees currently use their smartphones for at least some business related tasks. Of that group, only 40 percent felt that their employers were equipped to handle any security risks that might arise from BYOD. Employers need to understand that BYOD isn’t coming, it’s already here and then respond appropriately.
2. Lax password protection
Companies that fail to ensure that all personal devices used for work are password protected are asking for a cyber attack to occur. And yet 40 percent of survey respondents who said they used personal devices at work admitted that those devices were not password protected. While 66 percent of Apple iOS users said they used password protection, only 54 percent of Google Android users claimed to lock their devices with passwords. The stipulation that all BYOD devices be password protected, along with adequate follow-up to make sure that rule is enforced, is foundationally critical for an effective BYOD policy.
3. Overlooking Wi Fi and Bluetooth risks
It’s common knowledge that one of the best ways to put sensitive data at risk is to access unsecured Wi Fi networks. According to the Cisco survey, 52 percent of employees admitted to doing just that while using their devices for work-related tasks both at work and after hours when reading work-related emails---69 percent of employees admitted to the latter practice. But what’s even more surprising is that 48 percent of smartphone users admitted that they leave their device’s Bluetooth features ON when performing work-related tasks. The takeaway here is that those companies that implement and enforce strict Wi Fi and Bluetooth best practices for BYOD will dramatically reduce cyber risks.
4. Casual reporting of lost or stolen devices
When any device used to accomplish work-related tasks is lost or stolen, sirens and red light alerts should automatically pop up all over the place. But unfortunately, that just doesn’t happen. In fact, many employees fail to report a lost or stolen device right away for fear of corporate retribution, or because they think that maybe the device will eventually turn up. But the reality is that it most likely will turn up---in the wrong hands. As for the corporate contribution to the problem, 84 percent of employees in the survey said that employers would not replace devices that were lost or stolen. More surprisingly, 86 percent said that their companies did not have the ability to wipe a lost or stolen device remotely.
Companies implementing BYOD must have clear and set policies regarding the quick reporting of lost or stolen devices. And remote wipe capabilities are mandatory.
5. Failure to address the possibility of malicious employees
Today’s smartphones are powerful and portable computers with all kinds of functions that make them valuable tools in the workplace. However, tools such as tiny hi-definition cameras are readily available for malicious employees to use to quietly take pictures of computer screens or sensitive documents and then share them undetected at the touch of a screen. Companies must have clear BYOD policies and closely monitor the use of devices that could be used for stealing sensitive information.
In adopting BYOD, developing and implementing a comprehensive BYOD policy that clearly spells out how personal devices permitted for work purposes can and cannot be used is an important first step. However, a reduction in cyber security risks associated with BYOD will only be realized when companies actively enforce those policies---at the same time monitoring compliance.